Chair of the House Surveillance and Reform Committee Carolyn Maloney wrote to CNA Financial Corp. on Thursday. and raised concerns about the insurer's reported $ 40 million to hackers to end a ransomware attack on its system.
"I am concerned that the decision to pay the cybercriminals creates a dangerous precedent that will put an even greater target on the backs of companies that risk ransomware attacks in the future," the New York Democrat said in a letter to insurer CEO Dino Robusto.
The alleged payment, which the CNA last month refused to confirm, is the latest example of a company paying millions of dollars in ransom to cybercriminals without any disclosure, the rep said. Maloney.
"Congress needs detailed information on ransom payments that companies like CNA made to cybercriminals to effectively legislate on ransomware and cyber security in the United States, she said.
Rep. Maloney sent a similar letter to Colonial Pipeline CEO Joseph Blount about the company's payment of $ 4.4 million to hackers last month.
The women congressmen asked the companies to provide all documents and communications related to the attacks, including communications about possible ransom payments. [1
"While our investigation is still ongoing, the CNA is convinced that the attack has been successfully stopped and we are working normally. "We support the Congress in their efforts to understand and identify appropriate solutions to the growing threat of ransomware attacks," the statement said.